summaryrefslogtreecommitdiff
path: root/profiles/homeserver
diff options
context:
space:
mode:
Diffstat (limited to 'profiles/homeserver')
-rw-r--r--profiles/homeserver/acme.nix1
-rw-r--r--profiles/homeserver/dns.nix8
2 files changed, 8 insertions, 1 deletions
diff --git a/profiles/homeserver/acme.nix b/profiles/homeserver/acme.nix
index 5092d63..1880db2 100644
--- a/profiles/homeserver/acme.nix
+++ b/profiles/homeserver/acme.nix
@@ -2,6 +2,7 @@
security.acme = {
acceptTerms = true;
defaults = {
+ extraLegoFlags = [ "--dns.disable-cp" ];
extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"];
email = ivi.email;
dnsProvider = "porkbun";
diff --git a/profiles/homeserver/dns.nix b/profiles/homeserver/dns.nix
index a93425d..917c8bb 100644
--- a/profiles/homeserver/dns.nix
+++ b/profiles/homeserver/dns.nix
@@ -23,7 +23,13 @@
name = ivi.domain;
stub-addr = "127.0.0.1@10053";
} ];
- forward-zone = [ {
+ forward-zone = [
+ {
+ name = "_acme-challenge.${ivi.domain}";
+ forward-addr = config.services.resolved.fallbackDns;
+ forward-tls-upstream = true;
+ }
+ {
name = ".";
forward-addr = config.services.resolved.fallbackDns;
forward-tls-upstream = true;
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-12 14:14:23 +0000